Skip to main content

Windows 11 Version 26H1

383 CVEs product

Monthly

CVE-2026-58529 HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.

Buffer Overflow Information Disclosure Windows 11 Version 26H1
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2026-56181 HIGH PATCH Exploit Unlikely This Week

Spoofing via origin validation error in the Windows Network Address Translation (NAT) component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, including Server Core installations. An unauthenticated attacker positioned on an adjacent network segment can bypass origin/authentication checks (CWE-346) to impersonate a trusted source, with Microsoft rating scope-changed high impact to confidentiality, integrity, and availability (CVSS 8.3). No public exploit identified at time of analysis, though high attack complexity limits reliable exploitation.

Authentication Bypass Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-58638 MEDIUM PATCH Exploit Likely This Month

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +14
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2026-58637 HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. The issue was reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and no CISA KEV listing.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58634 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows 11 (version 26H1) Desktop Window Manager (DWM) allows an authenticated low-privileged user to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory-corruption flaw. Reported by Microsoft and carrying a CVSS 3.1 score of 7.8, the flaw grants full confidentiality, integrity, and availability impact once triggered locally. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but DWM EoP bugs are a historically favored post-compromise primitive.

Use After Free Memory Corruption Denial Of Service Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58633 HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Desktop Window Manager (DWM) component of Windows 11 version 26H1 allows an authenticated local attacker to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The CVSS 3.1 vector (AV:L/PR:L) confirms an already-authenticated low-privileged user is required, and full compromise of confidentiality, integrity, and availability follows successful exploitation. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Windows 11 Version 26H1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58632 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58629 HIGH PATCH This Week

Local privilege escalation in the Windows DirectX graphics subsystem allows an authenticated attacker with low privileges to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.0 (High), tempered by high attack complexity.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +18
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58628 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Networking component affects a broad span of currently supported Windows releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025), letting an already-authenticated local user win a timing race to gain SYSTEM-level control. The flaw is a CWE-362 race condition where improperly synchronized access to a shared resource can be manipulated during a narrow execution window; CVSS 7.8 reflects a high-complexity but high-impact local escalation with a scope change. Microsoft (the reporter) has shipped a patch, and there is no public exploit identified at time of analysis.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-58626 HIGH PATCH This Week

Remote code execution in Windows Remote Desktop Services (RDS) allows an authenticated network attacker to run arbitrary code by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server builds - Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025 (including Server Core). It was reported by Microsoft with a CVSS 8.8 rating; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network vector combined with only low-privilege requirements makes it a strong patch priority.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 21H2 +7
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-58619 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Sensor Data Service arises from a use-after-free (CWE-416) memory corruption flaw that an already-authenticated attacker can trigger to run code at higher privilege. It affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and the CVSS:3.1 score is 7.0 (High).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58613 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Cloud Files Mini Filter Driver (cldflt.sys) lets an authenticated low-privileged user corrupt kernel memory to gain SYSTEM-level control. The flaw is a use-after-free (CWE-416) affecting a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58594 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Remote Desktop (RDP) component allows an unauthenticated attacker to run arbitrary code by triggering an integer overflow, but only when a victim is convinced to interact (per CVSS UI:R) - most consistent with a malicious RDP server coercing a connecting client. The flaw affects a broad range of supported Windows client and server releases from Windows Server 2012/Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-58541 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated attacker to gain SYSTEM-level privileges by triggering a type-confusion (CWE-843) condition. The flaw affects a broad range of supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Reported internally by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Microsoft Memory Corruption Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58543 MEDIUM PATCH Exploit Unlikely This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-58542 HIGH PATCH NEWS This Week

Local code execution in Windows Media on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an attacker run arbitrary code by luring a user into opening a maliciously crafted media file. The CVSS 3.1 base score is 7.8 with full confidentiality, integrity, and availability impact but requiring user interaction, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-58544 HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in Microsoft Windows Management Services lets a low-privileged local user corrupt memory through a use-after-free (CWE-416) and gain higher privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A successful exploit yields high confidentiality, integrity, and availability impact, but the CVSS vector marks high attack complexity, reflecting the race-condition timing typically needed to win a use-after-free. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-58545 MEDIUM PATCH This Month

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-58547 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Windows 10 Version 1809 Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-58536 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Cloud Files Mini Filter Driver (cldflt.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The flaw affects a broad range of Windows client and server releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025) and was reported by Microsoft. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2026-58534 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Input Method Editor (IME) component shipped across Windows 10, Windows 11, and Windows Server 2016 through 2025 allows an authenticated, low-privileged user to corrupt heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow) carries a scope-changing CVSS 3.1 score of 8.8, meaning successful exploitation escapes the caller's security boundary. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-58537 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's NAT Helper Components (ipnathlp.dll), the driver behind Internet Connection Sharing and NAT translation on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. An authenticated attacker who already has low-privilege access can exploit a use-after-free memory corruption bug to run code at higher privilege (SYSTEM). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58532 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58531 HIGH PATCH Exploit Likely This Week

Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-58540 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Installer (msiexec/MSI service) lets an already-authenticated low-privilege user elevate to SYSTEM by abusing an improper authorization check (CWE-285). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently potential rather than confirmed in-the-wild exploitation.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58539 MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-58546 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2026-58535 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-58533 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2026-58538 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Bluetooth Service affects a broad range of Microsoft Windows client and server editions (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025). A heap-based buffer overflow (CWE-122) lets an already-authenticated local attacker corrupt kernel/service memory to elevate from a low-privileged account to SYSTEM. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-58530 HIGH PATCH This Week

Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume. The flaw is a heap-based buffer overflow (CWE-122) in ReFS metadata parsing affecting Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025. CVSS is 7.8 (AV:L/UI:R); there is no public exploit identified at time of analysis and it is not in CISA KEV, so exploitation would require crafting a malicious volume and social-engineering the user to attach it.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-58528 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2026-58527 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, where a race condition in shared-resource handling lets an already-authenticated local user win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and the CVSS base score is 7.8 (High). Note that Microsoft's tags label this as Information Disclosure while the description and CVSS impact metrics describe full privilege elevation - this discrepancy should be verified against the vendor advisory.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-57982 MEDIUM PATCH Exploit Unlikely This Month

Information disclosure via uninitialized resource use in Windows Remote Desktop Protocol (RDP) exposes sensitive memory contents to authenticated remote attackers across a wide range of Microsoft Windows desktop and server editions. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms this is exploitable over the network by any low-privileged authenticated user with no complexity or interaction requirements, yielding high confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low barrier to exploitation and the ubiquitous deployment of Windows RDP make this a meaningful patching priority.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2026-57096 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-57093 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free (CWE-416) in the kernel-mode driver. All actively serviced Windows client (10 1607 through 11 26H1) and Server (2012 through 2025) editions are affected, and Microsoft has released patches. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-57087 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation allows an unauthenticated attacker to run arbitrary code by tricking a user into opening a maliciously crafted media file or stream. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-57092 CRITICAL PATCH NEWS Exploit Unlikely Act Now

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating from a guest partition corrupt kernel memory via a use-after-free and gain higher privileges, with a scope change (S:C) indicating a guest-to-host escape. Rated CVSS 9.9 and affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, this issue was reported by Microsoft and has a vendor patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2026-57085 MEDIUM PATCH This Month

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2026-57089 HIGH PATCH This Week

Remote code execution in the Windows SMB Server network transport driver (srvnet.sys) lets an unauthenticated network attacker win a use-after-free race to run arbitrary code, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. Per its CVSS vector the flaw requires user interaction and high attack complexity, so exploitation is non-trivial rather than a trivial wormable hit. This was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2026-57091 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows File History Service lets an authenticated, low-privileged attacker corrupt a stack buffer (CWE-121) to run code with elevated (SYSTEM-level) privileges on affected Windows client and server releases. The flaw spans a broad range of supported editions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025, including Server Core installations. No public exploit was identified at time of analysis, and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-57094 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation lets an unauthenticated attacker run arbitrary code in the victim's context by delivering a malicious media file or stream that the target opens or plays. The flaw affects the Media Foundation multimedia framework across supported Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 builds, and carries CVSS 8.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS profile of confidentiality, integrity, and availability all rated High marks this as a high-priority client-side RCE.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-57090 HIGH PATCH NEWS Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation lets an unauthenticated network attacker run arbitrary code on the victim's machine when the target opens or renders a maliciously crafted media file or stream. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2016 through Server 2025. No public exploit identified at time of analysis, but the low complexity and network vector make it a high-priority patch item; exploitation requires user interaction (UI:R).

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2026-57095 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2026-56650 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Network File System (NFS) component allows an authenticated attacker to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server 2012-2025 releases, with a vendor patch available via MSRC. No public exploit identified at time of analysis, and no CISA KEV listing.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-57084 MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-57083 MEDIUM PATCH This Month

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-56649 MEDIUM PATCH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2026-56648 HIGH PATCH This Week

Elevation of privilege in the Windows Network File System (NFS) component affects a broad range of Microsoft platforms - Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025 - where an authorized attacker can win a time-of-check/time-of-use (TOCTOU) race condition over the network to gain higher privileges. The CVSS 3.1 vector (AV:N/AC:H/PR:L) indicates a network-reachable but high-complexity flaw requiring low-level existing privileges, with full high impact to confidentiality, integrity and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a Microsoft (MSRC) patch is available.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-56647 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Service (RRAS) Infrastructure allows an authenticated attacker to elevate privileges over the network by triggering an integer overflow (CWE-190) in affected code paths. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases (2012 R2 through 2025), and Microsoft has released a patch. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network-reachable EoP profile with only low privileges required makes it a meaningful patch priority.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-56194 HIGH PATCH Exploit Unlikely This Week

Privilege escalation via a heap-based buffer overflow in the Windows Network File System (NFS) role lets an authenticated, low-privileged network attacker send crafted requests to corrupt server heap memory and gain elevated privileges. Affected systems span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025 wherever the Server for NFS role is present. No public exploit was identified at time of analysis and the flaw is not in CISA KEV, but the 8.8 CVSS with a network-reachable, low-complexity, no-user-interaction profile makes it a meaningful patch priority on NFS hosts.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2026-54124 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 21H2 Windows 10 Version 22H2 +8
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2026-56644 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N), the flaw grants full confidentiality, integrity, and availability impact on the local system. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56643 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (CWE-416 use-after-free) lets an already-authenticated low-privilege user corrupt kernel memory and gain SYSTEM-level control across a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. Microsoft self-reported the flaw and has shipped a patch through the Update Guide; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a classic Patch-Tuesday local EoP suitable as a second-stage primitive after initial access.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56189 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file or content that the platform parses. It affects a broad range of Windows client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2026-56188 CRITICAL PATCH NEWS Exploit Likely Act Now

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthorized attacker execute arbitrary code across a wide range of Microsoft Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with full confidentiality, integrity, and availability impact, and an 'Authentication Bypass' tag suggests the flaw can also subvert access controls. There is no public exploit identified at time of analysis and no CISA KEV listing, but the network-facing, pre-authentication nature makes it a high-priority patch.

Authentication Bypass Microsoft Race Condition Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2026-56186 HIGH PATCH This Week

Information disclosure in Microsoft Windows Schannel (the Secure Channel TLS/SSL provider) lets an authenticated, network-adjacent attacker read memory beyond an allocated buffer and leak sensitive data across a network connection. The flaw spans nearly the entire supported Windows family - Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a fix available; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2026-56187 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory corruption lets an already-authorized local user run code with elevated privileges. Microsoft rates it CVSS 7.0 and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is non-trivial due to high attack complexity and requires the attacker to already hold low-level local privileges.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-56184 MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 Windows 11 Version 24H2 +5
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-56190 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary code by triggering the use of an uninitialized resource (CWE-908). All currently supported Windows client and server releases are affected, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. The CVSS 3.1 base score is 9.8 with a network, no-privileges, no-interaction vector; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Microsoft Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2026-56183 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory-corruption flaw lets an already-authenticated local user elevate to higher privileges. Exploitation requires winning a race condition (high attack complexity), and Microsoft has released a fix; no public exploit identified at time of analysis. Rated CVSS 7.0 with full confidentiality, integrity, and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-56182 HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file system driver allows an authenticated low-privileged user to gain SYSTEM-level rights by triggering an integer overflow (CWE-190) during filesystem processing. It affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available from Microsoft.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-56175 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS driver lets an already-authenticated attacker corrupt heap memory to run code at a higher privilege level (typically SYSTEM) on affected Windows 10, Windows 11, and Windows Server builds. Microsoft reported the issue and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a valuable post-compromise pivot rather than an initial-access bug.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56176 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Win32k GRFX subsystem across Windows 10, Windows 11, and Windows Server 2012 through 2025 lets an authenticated low-privileged local attacker elevate to SYSTEM by triggering an out-of-bounds read (CWE-125). The flaw was reported internally by Microsoft, a vendor patch is available via MSRC, and there is no public exploit identified at time of analysis. CVSS is 7.8 (High), reflecting a local vector with low complexity and low privileges required.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-56173 HIGH PATCH This Week

Local privilege elevation in the Windows WebView component affects a broad range of currently-supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). By triggering a use-after-free (CWE-416) memory-corruption condition, an already-authenticated low-privilege attacker can execute code in a higher-privilege context, yielding full confidentiality, integrity, and availability impact on the local system. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +11
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-56168 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-50359 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft XML Core Services (MSXML) lets a low-privileged, authorized attacker on a Windows host reclaim a freed object (use-after-free, CWE-416) to run code at elevated privilege. It affects a broad Windows footprint spanning Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, including Server Core installations. Microsoft reported the flaw, a patch is available, and there is no public exploit identified at time of analysis; CISA SSVC currently rates exploitation as none.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-54126 MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2026-54128 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-50692 HIGH PATCH This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) lets an already-authenticated, low-privileged attacker corrupt heap memory (CWE-122) to gain SYSTEM-level control across Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. The CVSS 3.1 score of 8.8 reflects a scope change into a higher-integrity context with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50690 MEDIUM PATCH This Month

Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2026-54125 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Runtime (WinRT) across Windows 10, Windows 11, and Windows Server 2019 through 2025 allows an already-authenticated attacker to win a race condition and gain SYSTEM-level privileges. The flaw stems from concurrent access to a shared resource without proper synchronization, and full C:H/I:H/A:H impact indicates complete host compromise once triggered. Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50689 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Cliprdr/RDP clipboard virtual channel service) affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through 11 26H1 and Server 2025). An authenticated local attacker who can trigger a use-after-free (CWE-416) in the service can corrupt memory to run code at elevated (SYSTEM-level) privilege. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50686 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows OLE (Object Linking and Embedding) allows an unauthorized network attacker to run arbitrary code by triggering a type-confusion condition (CWE-843) in the OLE component. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025, and carries a CVSS 8.1 (High) rating. No privileges or authentication are required per the CVSS vector, though the high attack complexity (AC:H) means exploitation depends on winning a specific timing or memory-state condition; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Microsoft Memory Corruption Authentication Bypass Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2026-50687 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged attacker on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 corrupt kernel memory via a use-after-free and gain SYSTEM-level control. The CVSS 3.1 score of 8.8 is elevated by a scope change (S:C), reflecting that kernel compromise crosses the boundary from user context to the OS itself. Microsoft has released a patch; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-50682 HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2026-50681 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2026-50680 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-50688 HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025 - and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1607 +17
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2026-50679 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54115 HIGH PATCH This Week

Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-50677 HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Media (a component shipping in Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated local attacker execute code at elevated privilege by triggering a use-after-free (CWE-416) memory-corruption condition. Reported by Microsoft with a vendor patch available, it carries CVSS 7.8 (High) and can yield full confidentiality, integrity, and availability compromise of the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50676 HIGH PATCH This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain SYSTEM-level privileges. Rated CVSS 7.8 (High), the flaw stems from improper synchronization of a shared resource; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch via the MSRC update guide.

Microsoft Race Condition Information Disclosure Windows 11 Version 24H2 Windows 11 Version 25H2 +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50674 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows USB Print Driver stems from a use-after-free (CWE-416) memory corruption flaw affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A low-privileged authenticated attacker who can execute code on the host and win a memory-timing race can corrupt kernel memory to gain higher (SYSTEM-level) privileges. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation is not currently observed in the wild.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 11 Version 24H2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2026-50673 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50672 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows NTFS (New Technology File System) driver lets an already-authenticated low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and elevate to SYSTEM. The flaw affects a broad Windows client and server matrix (Windows 10 1809 through Windows 11 26H1, Windows Server 2019/2022/2025). It has no public exploit identified at time of analysis and is not on CISA KEV, but as a Microsoft-reported, patched NTFS kernel bug it is a routine patch-priority item on standard Patch Tuesday cycles.

Use After Free Memory Corruption Denial Of Service Microsoft Windows 10 Version 1809 +10
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50670 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-50669 HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-50668 MEDIUM PATCH This Month

Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-50667 HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
2.2%
EPSS 1% CVSS 7.1
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Active Directory Federation Services (AD FS) lets an authenticated, network-based attacker read memory outside intended bounds and leak sensitive data, per Microsoft's own report of the flaw (tracked in MSRC as CVE-2026-58529). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N, C:H) indicates low-privilege remote exploitation with high confidentiality impact; there is no public exploit identified at time of analysis and it is not on CISA KEV. A vendor patch is available. Note a data discrepancy: the flaw is described as AD FS (a server role) yet the only CPE lists the Windows 11 version 26H1 client - verify affected platforms with Microsoft.

Buffer Overflow Information Disclosure Windows 11 Version 26H1
NVD
EPSS 0% CVSS 8.3
HIGH PATCH Exploit Unlikely This Week

Spoofing via origin validation error in the Windows Network Address Translation (NAT) component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, including Server Core installations. An unauthenticated attacker positioned on an adjacent network segment can bypass origin/authentication checks (CWE-346) to impersonate a trusted source, with Microsoft rating scope-changed high impact to confidentiality, integrity, and availability (CVSS 8.3). No public exploit identified at time of analysis, though high attack complexity limits reliable exploitation.

Authentication Bypass Microsoft Windows 11 Version 24H2 +4
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH Exploit Likely This Month

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1809 +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Microsoft Windows Client-Side Caching (CSC) Service, driven by a use-after-free (CWE-416) memory-corruption flaw affecting Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. An authorized attacker who already holds low-level privileges (PR:L) on the host can trigger the freed-object reuse to gain elevated, likely SYSTEM-level, privileges. The issue was reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and no CISA KEV listing.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows 11 (version 26H1) Desktop Window Manager (DWM) allows an authenticated low-privileged user to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory-corruption flaw. Reported by Microsoft and carrying a CVSS 3.1 score of 7.8, the flaw grants full confidentiality, integrity, and availability impact once triggered locally. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV, but DWM EoP bugs are a historically favored post-compromise primitive.

Use After Free Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Local privilege escalation in the Desktop Window Manager (DWM) component of Windows 11 version 26H1 allows an authenticated local attacker to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The CVSS 3.1 vector (AV:L/PR:L) confirms an already-authenticated low-privileged user is required, and full compromise of confidentiality, integrity, and availability follows successful exploitation. Microsoft has released a patch; there is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Win32K kernel-mode subsystem allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows DirectX graphics subsystem allows an authenticated attacker with low privileges to elevate to SYSTEM by triggering a use-after-free (CWE-416) memory-corruption condition. The flaw affects a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.0 (High), tempered by high attack complexity.

Use After Free Memory Corruption Denial Of Service +20
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Wireless Networking component affects a broad span of currently supported Windows releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025), letting an already-authenticated local user win a timing race to gain SYSTEM-level control. The flaw is a CWE-362 race condition where improperly synchronized access to a shared resource can be manipulated during a narrow execution window; CVSS 7.8 reflects a high-complexity but high-impact local escalation with a scope change. Microsoft (the reporter) has shipped a patch, and there is no public exploit identified at time of analysis.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Windows Remote Desktop Services (RDS) allows an authenticated network attacker to run arbitrary code by triggering a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of currently-supported Windows client and server builds - Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025 (including Server Core). It was reported by Microsoft with a CVSS 8.8 rating; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network vector combined with only low-privilege requirements makes it a strong patch priority.

Use After Free Memory Corruption Denial Of Service +9
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Sensor Data Service arises from a use-after-free (CWE-416) memory corruption flaw that an already-authenticated attacker can trigger to run code at higher privilege. It affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and the CVSS:3.1 score is 7.0 (High).

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Cloud Files Mini Filter Driver (cldflt.sys) lets an authenticated low-privileged user corrupt kernel memory to gain SYSTEM-level control. The flaw is a use-after-free (CWE-416) affecting a broad range of Windows client and server builds from Windows 10 1809 through Windows 11 26H1 and Windows Server 2019-2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Microsoft Windows Remote Desktop (RDP) component allows an unauthenticated attacker to run arbitrary code by triggering an integer overflow, but only when a victim is convinced to interact (per CVSS UI:R) - most consistent with a malicious RDP server coercing a connecting client. The flaw affects a broad range of supported Windows client and server releases from Windows Server 2012/Windows 10 1607 through Windows 11 26H1 and Windows Server 2025. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS data was not provided.

Buffer Overflow Microsoft Integer Overflow +18
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library allows an authenticated attacker to gain SYSTEM-level privileges by triggering a type-confusion (CWE-843) condition. The flaw affects a broad range of supported Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. Reported internally by Microsoft with a vendor patch available; no public exploit identified at time of analysis.

Microsoft Memory Corruption Information Disclosure +14
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH Exploit Unlikely This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows USB Print Driver allows an authorized attacker to elevate privileges with a physical attack.

Microsoft Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Windows Media on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 lets an attacker run arbitrary code by luring a user into opening a maliciously crafted media file. The CVSS 3.1 base score is 7.8 with full confidentiality, integrity, and availability impact but requiring user interaction, and there is no public exploit identified at time of analysis. Microsoft has released a patch via MSRC.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Elevation of privilege in Microsoft Windows Management Services lets a low-privileged local user corrupt memory through a use-after-free (CWE-416) and gain higher privileges on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A successful exploit yields high confidentiality, integrity, and availability impact, but the CVSS vector marks high attack complexity, reflecting the race-condition timing typically needed to win a use-after-free. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Universal Plug and Play (upnp.dll) allows an authorized attacker to elevate privileges locally.

Heap Overflow Buffer Overflow Windows 10 Version 1809 +10
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows Cloud Files Mini Filter Driver (cldflt.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free memory corruption condition. The flaw affects a broad range of Windows client and server releases (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025) and was reported by Microsoft. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Input Method Editor (IME) component shipped across Windows 10, Windows 11, and Windows Server 2016 through 2025 allows an authenticated, low-privileged user to corrupt heap memory and gain SYSTEM-level control. The flaw (CWE-122 heap-based buffer overflow) carries a scope-changing CVSS 3.1 score of 8.8, meaning successful exploitation escapes the caller's security boundary. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's NAT Helper Components (ipnathlp.dll), the driver behind Internet Connection Sharing and NAT translation on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. An authenticated attacker who already has low-privilege access can exploit a use-after-free memory corruption bug to run code at higher privilege (SYSTEM). No public exploit identified at time of analysis, and it is not listed in CISA KEV, but Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by triggering an integer overflow (CWE-190) in a kernel code path. The flaw affects a broad range of supported Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through Server 2025). Reported by Microsoft with a vendor patch available; no public exploit identified at time of analysis and no EPSS or KEV data supplied.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH Exploit Likely This Week

Elevation of privilege in the Windows SMB implementation allows an authenticated network attacker to win a race condition and gain higher privileges on affected systems, spanning Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw is a concurrency defect (CWE-362) reported by Microsoft with a vendor patch already released; there is no public exploit identified at time of analysis. Note a data conflict: the description and CVSS impacts describe privilege elevation with full confidentiality/integrity/availability impact, while the intelligence tags also label it 'Information Disclosure' — the CVSS vector should be treated as authoritative.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Installer (msiexec/MSI service) lets an already-authenticated low-privilege user elevate to SYSTEM by abusing an improper authorization check (CWE-285). Affected platforms span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025, including Server Core installations. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently potential rather than confirmed in-the-wild exploitation.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Bluetooth Service affects a broad range of Microsoft Windows client and server editions (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019 through 2025). A heap-based buffer overflow (CWE-122) lets an already-authenticated local attacker corrupt kernel/service memory to elevate from a low-privileged account to SYSTEM. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Windows' Resilient File System (ReFS) driver lets an attacker run arbitrary code by inducing a victim to mount or open a maliciously crafted ReFS volume. The flaw is a heap-based buffer overflow (CWE-122) in ReFS metadata parsing affecting Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025. CVSS is 7.8 (AV:L/UI:R); there is no public exploit identified at time of analysis and it is not in CISA KEV, so exploitation would require crafting a malicious volume and social-engineering the user to attach it.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Windows USB Audio Class driver (usbaudio.sys) allows an unauthorized attacker to disclose information with a physical attack.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Runtime (WinRT) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2022/2025, where a race condition in shared-resource handling lets an already-authenticated local user win a timing window to gain higher privileges. Reported by Microsoft with a patch available; there is no public exploit identified at time of analysis and the CVSS base score is 7.8 (High). Note that Microsoft's tags label this as Information Disclosure while the description and CVSS impact metrics describe full privilege elevation - this discrepancy should be verified against the vendor advisory.

Microsoft Race Condition Information Disclosure +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Information disclosure via uninitialized resource use in Windows Remote Desktop Protocol (RDP) exposes sensitive memory contents to authenticated remote attackers across a wide range of Microsoft Windows desktop and server editions. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms this is exploitable over the network by any low-privileged authenticated user with no complexity or interaction requirements, yielding high confidentiality impact. No public exploit code or CISA KEV listing has been identified at time of analysis, but the low barrier to exploitation and the ubiquitous deployment of Windows RDP make this a meaningful patching priority.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows Routing and Remote Access Service (RRAS) allows an authenticated low-privileged attacker to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw affects a broad range of Windows client and server versions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver for WinSock (AFD.sys) allows an authenticated low-privileged user to elevate to SYSTEM by triggering a use-after-free (CWE-416) in the kernel-mode driver. All actively serviced Windows client (10 1607 through 11 26H1) and Server (2012 through 2025) editions are affected, and Microsoft has released patches. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation allows an unauthenticated attacker to run arbitrary code by tricking a user into opening a maliciously crafted media file or stream. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 1% CVSS 9.9
CRITICAL PATCH Exploit Unlikely Act Now

Elevation of privilege in the Windows Hyper-V virtual network switch (VMSwitch) lets an authenticated attacker operating from a guest partition corrupt kernel memory via a use-after-free and gain higher privileges, with a scope change (S:C) indicating a guest-to-host escape. Rated CVSS 9.9 and affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, this issue was reported by Microsoft and has a vendor patch available. No public exploit is identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Remote code execution in the Windows SMB Server network transport driver (srvnet.sys) lets an unauthenticated network attacker win a use-after-free race to run arbitrary code, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. Per its CVSS vector the flaw requires user interaction and high attack complexity, so exploitation is non-trivial rather than a trivial wormable hit. This was reported by Microsoft, a vendor patch is available, and there is no public exploit identified at time of analysis.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Windows File History Service lets an authenticated, low-privileged attacker corrupt a stack buffer (CWE-121) to run code with elevated (SYSTEM-level) privileges on affected Windows client and server releases. The flaw spans a broad range of supported editions from Windows 10 1607 through Windows 11 26H1 and Windows Server 2016 through 2025, including Server Core installations. No public exploit was identified at time of analysis, and the CVE is not listed in CISA KEV.

Buffer Overflow Stack Overflow Microsoft +14
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation lets an unauthenticated attacker run arbitrary code in the victim's context by delivering a malicious media file or stream that the target opens or plays. The flaw affects the Media Foundation multimedia framework across supported Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 builds, and carries CVSS 8.8. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS profile of confidentiality, integrity, and availability all rated High marks this as a high-priority client-side RCE.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows Media Foundation lets an unauthenticated network attacker run arbitrary code on the victim's machine when the target opens or renders a maliciously crafted media file or stream. The flaw is a heap-based buffer overflow (CWE-122) affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2016 through Server 2025. No public exploit identified at time of analysis, but the low complexity and network vector make it a high-priority patch item; exploitation requires user interaction (UI:R).

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Network File System (NFS) component allows an authenticated attacker to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). Reported by Microsoft and affecting a broad range of Windows 10, Windows 11, and Windows Server 2012-2025 releases, with a vendor patch available via MSRC. No public exploit identified at time of analysis, and no CISA KEV listing.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Authentication Bypass Microsoft Race Condition +18
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Elevation of privilege in the Windows Network File System (NFS) component affects a broad range of Microsoft platforms - Windows 10 (1607 through 22H2), Windows 11 (24H2, 25H2, 26H1), and Windows Server 2012 through 2025 - where an authorized attacker can win a time-of-check/time-of-use (TOCTOU) race condition over the network to gain higher privileges. The CVSS 3.1 vector (AV:N/AC:H/PR:L) indicates a network-reachable but high-complexity flaw requiring low-level existing privileges, with full high impact to confidentiality, integrity and availability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; a Microsoft (MSRC) patch is available.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in the Windows Remote Access Service (RRAS) Infrastructure allows an authenticated attacker to elevate privileges over the network by triggering an integer overflow (CWE-190) in affected code paths. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server releases (2012 R2 through 2025), and Microsoft has released a patch. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the network-reachable EoP profile with only low privileges required makes it a meaningful patch priority.

Buffer Overflow Microsoft Integer Overflow +16
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation via a heap-based buffer overflow in the Windows Network File System (NFS) role lets an authenticated, low-privileged network attacker send crafted requests to corrupt server heap memory and gain elevated privileges. Affected systems span Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025 wherever the Server for NFS role is present. No public exploit was identified at time of analysis and the flaw is not in CISA KEV, but the 8.8 CVSS with a network-reachable, low-complexity, no-user-interaction profile makes it a meaningful patch priority on NFS hosts.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Terminal (shipped on Windows 10 21H2/22H2, Windows 11 24H2/25H2/26H1, and Windows Server 2022/2025) arises from an integer overflow (CWE-190) that an unauthorized attacker can trigger, but only after luring a logged-on user into interacting with malicious content. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, so this is a defense-in-depth patch rather than an emergency, though the CVSS 7.8 reflects full confidentiality, integrity, and availability impact once triggered. Microsoft has released a patch via the MSRC update guide.

Buffer Overflow Microsoft Integer Overflow +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to elevate to SYSTEM by exploiting a use-after-free (CWE-416) memory corruption condition, spanning Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. Reported by Microsoft with a CVSS 3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N), the flaw grants full confidentiality, integrity, and availability impact on the local system. No public exploit identified at time of analysis, and it is not listed in CISA KEV; a vendor patch is available.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel (CWE-416 use-after-free) lets an already-authenticated low-privilege user corrupt kernel memory and gain SYSTEM-level control across a broad range of Windows 10, Windows 11, and Windows Server 2016 through 2025 builds. Microsoft self-reported the flaw and has shipped a patch through the Update Guide; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a classic Patch-Tuesday local EoP suitable as a second-stage primitive after initial access.

Use After Free Memory Corruption Denial Of Service +15
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation (CWE-122 heap-based buffer overflow) lets an unauthorized attacker run arbitrary code when a victim opens a maliciously crafted media file or content that the platform parses. It affects a broad range of Windows client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Likely Act Now

Remote code execution in the Windows Server Network driver stems from a race condition (CWE-362) that lets an unauthorized attacker execute arbitrary code across a wide range of Microsoft Windows client and server builds, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with full confidentiality, integrity, and availability impact, and an 'Authentication Bypass' tag suggests the flaw can also subvert access controls. There is no public exploit identified at time of analysis and no CISA KEV listing, but the network-facing, pre-authentication nature makes it a high-priority patch.

Authentication Bypass Microsoft Race Condition +18
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Information disclosure in Microsoft Windows Schannel (the Secure Channel TLS/SSL provider) lets an authenticated, network-adjacent attacker read memory beyond an allocated buffer and leak sensitive data across a network connection. The flaw spans nearly the entire supported Windows family - Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2012 through 2025. Reported by Microsoft with a fix available; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory corruption lets an already-authorized local user run code with elevated privileges. Microsoft rates it CVSS 7.0 and has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Exploitation is non-trivial due to high attack complexity and requires the attacker to already hold low-level local privileges.

Use After Free Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 21H2 +7
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in Microsoft Windows Remote Desktop (RDP) allows an unauthorized network attacker to run arbitrary code by triggering the use of an uninitialized resource (CWE-908). All currently supported Windows client and server releases are affected, from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. The CVSS 3.1 base score is 9.8 with a network, no-privileges, no-interaction vector; there is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Authentication Bypass Microsoft Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows MIDI Service Module affects Windows 11 versions 24H2, 25H2, and 26H1, where a use-after-free (CWE-416) memory-corruption flaw lets an already-authenticated local user elevate to higher privileges. Exploitation requires winning a race condition (high attack complexity), and Microsoft has released a fix; no public exploit identified at time of analysis. Rated CVSS 7.0 with full confidentiality, integrity, and availability impact once triggered.

Use After Free Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows NTFS file system driver allows an authenticated low-privileged user to gain SYSTEM-level rights by triggering an integer overflow (CWE-190) during filesystem processing. It affects a broad range of supported Windows client and server releases, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; a vendor patch is available from Microsoft.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows NTFS driver lets an already-authenticated attacker corrupt heap memory to run code at a higher privilege level (typically SYSTEM) on affected Windows 10, Windows 11, and Windows Server builds. Microsoft reported the issue and has shipped a fix; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. With CVSS 7.8 (AV:L/PR:L) it is a valuable post-compromise pivot rather than an initial-access bug.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Win32k GRFX subsystem across Windows 10, Windows 11, and Windows Server 2012 through 2025 lets an authenticated low-privileged local attacker elevate to SYSTEM by triggering an out-of-bounds read (CWE-125). The flaw was reported internally by Microsoft, a vendor patch is available via MSRC, and there is no public exploit identified at time of analysis. CVSS is 7.8 (High), reflecting a local vector with low complexity and low privileges required.

Buffer Overflow Microsoft Information Disclosure +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege elevation in the Windows WebView component affects a broad range of currently-supported Windows client and server builds (Windows 10 1809 through Windows 11 26H1, and Windows Server 2019/2022/2025). By triggering a use-after-free (CWE-416) memory-corruption condition, an already-authenticated low-privilege attacker can execute code in a higher-privilege context, yielding full confidentiality, integrity, and availability impact on the local system. Microsoft has released a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +13
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.

Microsoft Denial Of Service Null Pointer Dereference +8
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft XML Core Services (MSXML) lets a low-privileged, authorized attacker on a Windows host reclaim a freed object (use-after-free, CWE-416) to run code at elevated privilege. It affects a broad Windows footprint spanning Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, including Server Core installations. Microsoft reported the flaw, a patch is available, and there is no public exploit identified at time of analysis; CISA SSVC currently rates exploitation as none.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Buffer Overflow Microsoft Information Disclosure +16
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Windows DHCP Client service stems from a use-after-free (CWE-416) memory-corruption flaw affecting a broad range of Windows 10, Windows 11, and Windows Server releases (Server 2012 through Server 2025). Per the CVSS vector an unauthenticated attacker with local access can achieve high-impact code execution with no user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; Microsoft has released a patch through the MSRC update guide.

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in the Windows Desktop Window Manager (DWM) lets an already-authenticated, low-privileged attacker corrupt heap memory (CWE-122) to gain SYSTEM-level control across Windows 10 (1607 through 22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2016 through 2025. The CVSS 3.1 score of 8.8 reflects a scope change into a higher-integrity context with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized memory disclosure in the Windows SMB stack allows a locally authenticated attacker to read sensitive contents from uninitialized buffers, affecting Windows 10, Windows 11, and Windows Server 2012 through 2025. The flaw (CWE-908) resides in the SMB subsystem where a resource is consumed before being properly zeroed, leaking residual memory contents to a low-privileged local user. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog; SSVC assessment places exploitation at none with partial technical impact, making this a standard patch-cycle priority rather than an emergency response item.

Microsoft Information Disclosure Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Runtime (WinRT) across Windows 10, Windows 11, and Windows Server 2019 through 2025 allows an already-authenticated attacker to win a race condition and gain SYSTEM-level privileges. The flaw stems from concurrent access to a shared resource without proper synchronization, and full C:H/I:H/A:H impact indicates complete host compromise once triggered. Reported by Microsoft with a patch available; no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Race Condition Information Disclosure +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Clipboard Server (Cliprdr/RDP clipboard virtual channel service) affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through 11 26H1 and Server 2025). An authenticated local attacker who can trigger a use-after-free (CWE-416) in the service can corrupt memory to run code at elevated (SYSTEM-level) privilege. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; Microsoft has released a patch.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 1% CVSS 8.1
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Windows OLE (Object Linking and Embedding) allows an unauthorized network attacker to run arbitrary code by triggering a type-confusion condition (CWE-843) in the OLE component. The flaw affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025, and carries a CVSS 8.1 (High) rating. No privileges or authentication are required per the CVSS vector, though the high attack complexity (AC:H) means exploitation depends on winning a specific timing or memory-state condition; there is no public exploit identified at time of analysis and it is not on CISA KEV.

Microsoft Memory Corruption Authentication Bypass +16
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Kernel lets an already-authenticated, low-privileged attacker on Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025 corrupt kernel memory via a use-after-free and gain SYSTEM-level control. The CVSS 3.1 score of 8.8 is elevated by a scope change (S:C), reflecting that kernel compromise crosses the boundary from user context to the OS itself. Microsoft has released a patch; no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Denial of service in Windows Active Directory allows an authenticated network attacker to crash or degrade the directory service via an out-of-bounds read (CWE-125). The flaw affects Active Directory across Windows 10 (21H2/22H2), Windows 11 (24H2/25H2/26H1), and Windows Server 2022/2025 including Server Core; there is no public exploit identified at time of analysis. Impact is primarily availability (A:H) with a minor confidentiality leak (C:L), and Microsoft has released a patch.

Buffer Overflow Microsoft Information Disclosure +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 Version 1607 +13
NVD
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows Hyper-V hypervisor allows an already-authenticated, high-privileged attacker to corrupt heap memory (CWE-122) and elevate to higher privileges on the host. The scope-changed CVSS 3.1 vector (8.2) reflects that a successful exploit can breach the guest/host virtualization boundary, impacting confidentiality, integrity, and availability of the underlying host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; a Microsoft patch is available.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 1% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in the Microsoft Windows Kernel allows an authenticated attacker to gain SYSTEM-level control by exploiting a use-after-free (CWE-416) memory corruption condition. The flaw affects a broad range of Windows client and server builds - from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025 - and was reported by Microsoft with a patch available. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; the CVSS 3.1 base score is 7.8 (AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Use After Free Memory Corruption Denial Of Service +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Search Component affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a heap-based buffer overflow lets an already-authenticated local attacker corrupt memory and elevate to higher privileges (up to SYSTEM). The CVSS 3.1 score of 7.8 reflects local-only attack with low privileges required and no user interaction, yielding full confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Active Directory across a broad range of Windows client and server releases (Windows 10 1607 through Windows 11 26H1, and Windows Server 2012 through 2025) allows an authenticated local attacker to elevate privileges by triggering an integer overflow (CWE-190). Successful exploitation yields high confidentiality, integrity, and availability impact, effectively enabling escalation to SYSTEM-level control on the affected host. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has issued a patch via MSRC.

Buffer Overflow Microsoft Integer Overflow +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Media (a component shipping in Windows 11 versions 24H2, 25H2, and 26H1) lets an authenticated local attacker execute code at elevated privilege by triggering a use-after-free (CWE-416) memory-corruption condition. Reported by Microsoft with a vendor patch available, it carries CVSS 7.8 (High) and can yield full confidentiality, integrity, and availability compromise of the host. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Use After Free Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Windows Media component of Windows 11 (versions 24H2, 25H2, and 26H1) allows an already-authenticated local attacker to win a race condition and gain SYSTEM-level privileges. Rated CVSS 7.8 (High), the flaw stems from improper synchronization of a shared resource; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Microsoft has released a patch via the MSRC update guide.

Microsoft Race Condition Information Disclosure +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft's Windows USB Print Driver stems from a use-after-free (CWE-416) memory corruption flaw affecting Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025. A low-privileged authenticated attacker who can execute code on the host and win a memory-timing race can corrupt kernel memory to gain higher (SYSTEM-level) privileges. Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation is not currently observed in the wild.

Use After Free Memory Corruption Denial Of Service +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference +18
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows NTFS (New Technology File System) driver lets an already-authenticated low-privileged user corrupt kernel memory via a use-after-free (CWE-416) and elevate to SYSTEM. The flaw affects a broad Windows client and server matrix (Windows 10 1809 through Windows 11 26H1, Windows Server 2019/2022/2025). It has no public exploit identified at time of analysis and is not on CISA KEV, but as a Microsoft-reported, patched NTFS kernel bug it is a routine patch-priority item on standard Patch Tuesday cycles.

Use After Free Memory Corruption Denial Of Service +12
NVD
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an already-authenticated attacker read memory outside allocated bounds (CWE-125) and leverage it to elevate to SYSTEM across a broad range of client and server builds (Windows 10 1809 through Windows 11 26H1, Windows Server 2019 through 2025). Microsoft rates it CVSS 8.8 with a changed scope, and a vendor patch is available; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Buffer Overflow Microsoft Information Disclosure +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in the Windows Telephony Service (TAPI) affects a broad range of Microsoft Windows client and server releases, from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through Server 2025. A local, low-privileged attacker who wins a race condition (CWE-362) in the service's handling of a shared resource can corrupt state and elevate to higher privileges, gaining full confidentiality, integrity, and availability impact on the host. There is no public exploit identified at time of analysis and it is not on CISA KEV; EPSS was not provided.

Microsoft Race Condition Information Disclosure +18
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Privilege escalation via heap-based buffer overflow in the Windows NTFS filesystem driver affects a broad range of Windows 10, Windows 11, and Windows Server versions, requiring only physical access to the target device - no OS credentials needed. An attacker with hands-on access to the hardware can trigger a heap overflow in NTFS processing to gain elevated privileges, potentially achieving full system compromise (High C/I/A). No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog, but the combination of zero authentication requirements and critical-level impact makes it a realistic threat for physically accessible endpoints. A vendor-supplied patch is available via the Microsoft Security Response Center.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH Exploit Likely This Week

Elevation of privilege in the Windows NTFS file-system driver lets an already-authenticated local user escalate to SYSTEM by winning a race condition (CWE-362) in the way NTFS handles a shared resource without proper synchronization. All currently supported Windows client and server builds are affected, from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025. There is no public exploit identified at time of analysis, but Microsoft has released a patch and rates the impact as full loss of confidentiality, integrity, and availability once exploited.

Microsoft Race Condition Information Disclosure +18
NVD
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy